Submission Details
Severity: high
Valid

Wrong calculation for rewardPerVoter

Summary

rewardPerVoter is calculated incorrectly: it divides by totalVotes, but it should divide by totalVotesFor only, because rewards are distributed only to the For voters.

uint256 totalVotes = totalVotesFor + totalVotesAgainst;
.
.
uint256 rewardPerVoter = totalRewards / totalVotes;

It is stated that if the proposal passes, rewards are distributed to the For voters. If totalVotesAgainst is included when calculating the reward per For voter, the reward is not accurate and some residual ETH is left in the contract, as there is no way to withdraw the leftover balance.

Vulnerability Details

Suppose s_creator deploys the contract with 5 addresses and 1 ether:

address(0x1)
address(0x2)
address(0x3)
address(0x4)
address(0x5)

Only three of them voted:

address(0x1) - true
address(0x2) - true
address(0x3) - false

Impact

uint256 totalVotes = totalVotesFor + totalVotesAgainst; --> 2 + 1 = 3
.
uint256 totalRewards = address(this).balance;
uint256 rewardPerVoter = totalRewards / totalVotes; --> `0.333...` to each player

But the reward distribution loop runs over totalVotesFor only:

for (uint256 i; i < totalVotesFor; ++i)

That distributes 0.333... ETH to each of the 2 For voters, leaving 0.333... ETH stuck in the contract.

Tools Used

Manual review

Recommendations

To fix this, we should use totalVotesFor only as the divisor, so that the reward is distributed evenly without any residue.
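
The scenario above carried through in wei, as an added example (not the contract's code and not part of the original submission). It is a Python model of the quoted arithmetic; the function name `distribute` and the `fixed` switch are hypothetical, and integer division mirrors Solidity's truncating uint256 division.

```python
# Added illustration: models the payout arithmetic quoted in the finding.
# Names other than totalVotes / totalVotesFor / totalVotesAgainst /
# rewardPerVoter are hypothetical; vote data below is constructed.
WEI_PER_ETHER = 10**18


def distribute(balance_wei, votes, fixed=False):
    """Simulate reward distribution for a passed proposal.

    votes maps voter address -> True (for) / False (against).
    Returns (payouts, stuck_wei), where stuck_wei is what remains in the
    contract after the loop over For voters has paid everyone.
    """
    for_voters = [addr for addr, in_favour in votes.items() if in_favour]
    total_votes_for = len(for_voters)
    total_votes_against = len(votes) - total_votes_for
    if total_votes_for == 0:
        raise ValueError("no For voters: nothing to distribute to")

    # Reported bug: divisor includes Against votes.
    total_votes = total_votes_for + total_votes_against
    divisor = total_votes_for if fixed else total_votes

    # Truncating division, as with uint256 in Solidity.
    reward_per_voter = balance_wei // divisor

    # The loop in the contract runs over totalVotesFor only.
    payouts = {addr: reward_per_voter for addr in for_voters}
    stuck_wei = balance_wei - sum(payouts.values())
    return payouts, stuck_wei


if __name__ == "__main__":
    # Constructed sample matching the finding: 3 of 5 addresses voted.
    votes = {"0x1": True, "0x2": True, "0x3": False}
    for label, fixed in (("buggy", False), ("fixed", True)):
        payouts, stuck = distribute(1 * WEI_PER_ETHER, votes, fixed=fixed)
        print(label, payouts, "stuck wei:", stuck)
```

With the corrected divisor the only amount that can remain is truncation dust of fewer than totalVotesFor wei, which occurs when the balance is not an exact multiple of totalVotesFor.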

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

VotingBooth._distributeRewards(): Incorrect computation of rewardPerVoter
